Author: Calvin Buckley (NattyNarwhal)
Date: 2026-07-02T14:27:23-03:00
Commit: Announce PHP 8.4.23 · php/web-php@e7f6ed5 · GitHub
Raw diff: PHP 8.4.23 Released!
Announce PHP 8.4.23
Changed paths:
A archive/entries/2026-07-02-4.xml
A releases/8_4_23.php
M ChangeLog-8.php
M archive/archive.xml
M include/release-qa.php
M include/releases.inc
M include/version.inc
Diff:
diff --git a/ChangeLog-8.php b/ChangeLog-8.php
index b8cd4e8daf..54e0783f73 100644
--- a/ChangeLog-8.php
+++ b/ChangeLog-8.php
@@ -1030,6 +1030,80 @@
<a id="PHP_8_4"></a>
+<section class="version" id="8.4.23"><!-- {{{ 8.4.23 -->
+<h3>Version 8.4.23</h3>
+<b><?php release_date('03-Jul-2026'); ?></b>
+<ul><li>Core:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 22280); ?> (Incorrect compile error for goto to label preceding try/finally block).</li>
+</ul></li>
+<li>BCMath:
+<ul>
+ <li>Fixed issues with oversized allocations and signed overflow in bcround() and BcMath\Number::round().</li>
+</ul></li>
+<li>Date:
+<ul>
+ <li>Fix incorrect recurrence check of DatePeriod::createFromISO8601String().</li>
+</ul></li>
+<li>DOM:
+<ul>
+ <li>Fix <?php githubissuel('php/php-src', 22219); ?> (Dom\XMLDocument::schemaValidate fails to resolve xs:QName with prefix from imported schema).</li>
+</ul></li>
+<li>Exif:
+<ul>
+ <li>Read correct value for single and double tags.</li>
+</ul></li>
+<li>GD:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 22121); ?> (Double free in gdImageSetStyle() after overflow-triggered early return).</li>
+ <li>Fixed bug <?php githubissuel('php/php-src', 19666); ?> (imageconvolution() unexpected nan filter value).</li>
+ <li>Fixed bug <?php githubissuel('php/php-src', 19739); ?> (imageellipse/imagefilledellipse overflow).</li>
+ <li>Fixed bug <?php githubissuel('php/php-src', 19730); ?> (imageaffine overflow).</li>
+</ul></li>
+<li>Intl:
+<ul>
+ <li>Fix incorrect argument positions for uninitialized calendar arguments in IntlCalendar::equals(), ::before(), ::after(), and ::isEquivalentTo(), and for invalid start/end arguments in transliterator_transliterate().</li>
+ <li>Fixed IntlTimeZone::getDisplayName() to synchronize object error state for invalid display types.</li>
+ <li>Fixed Spoofchecker restriction-level APIs to only be exposed with ICU 53 and later.</li>
+</ul></li>
+<li>mysqli:
+<ul>
+ <li>Fix stmt->query leak in mysqli_execute_query() validation errors.</li>
+</ul></li>
+<li>Opcache:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 20469); ?> (Unsafe inheritance cache replay with reentrant autoloading).</li>
+</ul></li>
+<li>OpenSSL:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 22187); ?> (Memory corruption (zend_mm_heap corrupted) in openssl_encrypt with AES-WRAP-PAD).</li>
+</ul></li>
+<li>Phar:
+<ul>
+ <li>Fixed a bypass of the magic ".phar" directory protection in Phar::addEmptyDir() for paths starting with "/.phar", while allowing non-magic directory names that merely share the ".phar" prefix.</li>
+</ul></li>
+<li>Reflection:
+<ul>
+ <li>Preserve class-name case in ReflectionClass::getProperty() error messages and autoloading.</li>
+</ul></li>
+<li>Sqlite:
+<ul>
+ <li>Fix error checks for column retrieval.</li>
+</ul></li>
+<li>Zlib:
+<ul>
+ <li>Fixed memory leak if deflate initialization fails and there is a dict.</li>
+ <li>Fixed memory leak in inflate_add().</li>
+</ul></li>
+<li>Zip:
+<ul>
+ <li>Fixed error-related memory leaks.</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
+
+
<section class="version" id="8.4.22"><!-- {{{ 8.4.22 -->
<h3>Version 8.4.22</h3>
<b><?php release_date('04-Jun-2026'); ?></b>
diff --git a/archive/archive.xml b/archive/archive.xml
index 577a2a2f2b..10c1df8e5f 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
<uri>http://php.net/contact</uri>
<email>php-webmaster@lists.php.net</email>
</author>
+ <xi:include href="entries/2026-07-02-4.xml"/>
<xi:include href="entries/2026-07-02-3.xml"/>
<xi:include href="entries/2026-07-02-2.xml"/>
<xi:include href="entries/2026-07-02-1.xml"/>
diff --git a/archive/entries/2026-07-02-4.xml b/archive/entries/2026-07-02-4.xml
new file mode 100644
index 0000000000..8a20b09272
--- /dev/null
+++ b/archive/entries/2026-07-02-4.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+ <title>PHP 8.4.23 Released!</title>
+ <id>PHP: News Archive - 2026;
+ <published>2026-07-02T17:24:56+00:00</published>
+ <updated>2026-07-02T17:24:56+00:00</updated>
+ <link href="PHP; rel="alternate" type="text/html"/>
+ <link href="PHP: News Archive - 2026; rel="via" type="text/html"/>
+ <category term="releases" label="New PHP release"/>
+ <category term="frontpage" label="PHP.net frontpage news"/>
+ <content type="xhtml">
+ <div xmlns="http://www.w3.org/1999/xhtml"><p>The PHP development team announces the immediate availability of PHP 8.4.23. This is a security release.</p>
+
+<p>All PHP 8.4 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.4.23 please visit our <a href="https://www.php.net/downloads.php">downloads page</a>,
+Windows source and binaries can also be found <a href="PHP: Downloads.
+The list of changes is recorded in the <a href="PHP: PHP 8 ChangeLog.
+</p> </div>
+ </content>
+</entry>
diff --git a/include/release-qa.php b/include/release-qa.php
index a071ce8574..001f34944b 100644
--- a/include/release-qa.php
+++ b/include/release-qa.php
@@ -75,12 +75,12 @@
'active' => true,
'release' => [
'type' => 'RC',
- 'number' => 1,
- 'sha256_bz2' => 'e15a82d2841aee277e21506e7e9056747035f0c89f05de7d9d0d4199e872b39f',
- 'sha256_gz' => 'ab863318f529ace5e1f96db1670e3ca537d10668fbe055ca76b7d9d098303137',
- 'sha256_xz' => 'c5d532ac0d599413a1771ed894102f4d5a255e47a81ffa3475c6dae6d097227a',
+ 'number' => 0,
+ 'sha256_bz2' => '',
+ 'sha256_gz' => '',
+ 'sha256_xz' => '',
'date' => '18 Jun 2026',
- 'baseurl' => 'Index of /~calvinb‘,
+ 'baseurl' => 'https://downloads.php.net/’,
],
],
diff --git a/include/releases.inc b/include/releases.inc
index d926d66322..3e95d3bca0 100644
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -2,6 +2,42 @@
$OLDRELEASES = array (
8 =>
array (
+ '8.4.22' =>
+ array (
+ 'announcement' =>
+ array (
+ 'English' => '/releases/8_4_22.php',
+ ),
+ 'tags' =>
+ array (
+ ),
+ 'date' => '04 Jun 2026',
+ 'source' =>
+ array (
+ 0 =>
+ array (
+ 'filename' => 'php-8.4.22.tar.gz',
+ 'name' => 'PHP 8.4.22 (tar.gz)',
+ 'sha256' => 'a012c2c9724baf214a70b41b40a7e130906b8855e54268afa5bc4ae17bc9d823',
+ 'date' => '04 Jun 2026',
+ ),
+ 1 =>
+ array (
+ 'filename' => 'php-8.4.22.tar.bz2',
+ 'name' => 'PHP 8.4.22 (tar.bz2)',
+ 'sha256' => '4b16e7e2c384ce25e07d28eb949855c4b4fe0d1b7b9ec9c8eebd05d0cfa9c532',
+ 'date' => '04 Jun 2026',
+ ),
+ 2 =>
+ array (
+ 'filename' => 'php-8.4.22.tar.xz',
+ 'name' => 'PHP 8.4.22 (tar.xz)',
+ 'sha256' => '696c0f6ad92e94c59059c1eb6e300842b8d050934226efcdf00f2a413cb083cf',
+ 'date' => '04 Jun 2026',
+ ),
+ ),
+ 'museum' => false,
+ ),
'8.3.31' =>
array (
'announcement' =>
diff --git a/include/version.inc b/include/version.inc
index 92cc729b1d..e3d567e995 100644
--- a/include/version.inc
+++ b/include/version.inc
@@ -34,13 +34,13 @@ $RELEASES = (function () {
/* PHP 8.4 Release */
$data['8.4'] = [
- 'version' => '8.4.22',
- 'date' => '04 Jun 2026',
- 'tags' => [], // Set to ['security'] for security releases.
+ 'version' => '8.4.23',
+ 'date' => '02 Jul 2026',
+ 'tags' => ['security'], // Set to ['security'] for security releases.
'sha256' => [
- 'tar.gz' => 'a012c2c9724baf214a70b41b40a7e130906b8855e54268afa5bc4ae17bc9d823',
- 'tar.bz2' => '4b16e7e2c384ce25e07d28eb949855c4b4fe0d1b7b9ec9c8eebd05d0cfa9c532',
- 'tar.xz' => '696c0f6ad92e94c59059c1eb6e300842b8d050934226efcdf00f2a413cb083cf',
+ 'tar.gz' => 'f43b69572cabfb91c023356f3ce197c782d8a255bc084c1a6af58c0e86cf7573',
+ 'tar.bz2' => 'c142c063b10cff68d072766e3ffbfb3654a089b938668b0830356437ee95e0fa',
+ 'tar.xz' => '1ab9f52008414e43bb2427ffa288eff2a4de39e1a830f957e800ba368d887a72',
]
];
diff --git a/releases/8_4_23.php b/releases/8_4_23.php
new file mode 100644
index 0000000000..23555cff23
--- /dev/null
+++ b/releases/8_4_23.php
@@ -0,0 +1,16 @@
+<?php
+$_SERVER['BASE_PAGE'] = 'releases/8_4_23.php';
+include_once __DIR__ . '/../include/prepend.inc';
+site_header('PHP 8.4.23 Release Announcement');
+?>
+<h1>PHP 8.4.23 Release Announcement</h1>
+
+<p>The PHP development team announces the immediate availability of PHP 8.4.23. This is a security release.</p>
+
+<p>All PHP 8.4 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.4.23 please visit our <a href="https://www.php.net/downloads.php">downloads page</a>,
+Windows source and binaries can also be found <a href="PHP: Downloads.
+The list of changes is recorded in the <a href="PHP: PHP 8 ChangeLog.
+</p>
+<?php site_footer();